azure-native.security.AssessmentMetadataInSubscription
Security assessment metadata response. Azure REST API version: 2021-06-01. Prior API version in Azure Native 1.x: 2020-01-01.
Example Usage
Create security assessment metadata for subscription
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Declares customer-managed security assessment metadata for the subscription.
return await Deployment.RunAsync(() =>
{
    var metadataArgs = new AzureNative.Security.AssessmentMetadataInSubscriptionArgs
    {
        // Assessment key: the unique identifier for this assessment type.
        AssessmentMetadataName = "ca039e75-a276-4175-aebc-bcd41e4b14b7",
        AssessmentType = AzureNative.Security.AssessmentType.CustomerManaged,
        DisplayName = "Install endpoint protection solution on virtual machine scale sets",
        Description = "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
        // The remediation text embeds an HTML link that responders are expected to follow;
        // review changes to it like any other trust-bearing content.
        RemediationDescription = "To install an endpoint protection solution: 1. <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
        Categories = new[]
        {
            AzureNative.Security.Categories.Compute,
        },
        Threats = new[]
        {
            AzureNative.Security.Threats.DataExfiltration,
            AzureNative.Security.Threats.DataSpillage,
            AzureNative.Security.Threats.MaliciousInsider,
        },
        // Triage attributes: severity of the finding, cost to fix it, impact on users.
        Severity = AzureNative.Security.Severity.Medium,
        ImplementationEffort = AzureNative.Security.ImplementationEffort.Low,
        UserImpact = AzureNative.Security.UserImpact.Low,
    };

    var endpointProtectionAssessment = new AzureNative.Security.AssessmentMetadataInSubscription(
        "assessmentMetadataInSubscription",
        metadataArgs);
});
package main
import (
security "github.com/pulumi/pulumi-azure-native-sdk/security/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares customer-managed security
// assessment metadata for the subscription.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		metadataArgs := &security.AssessmentMetadataInSubscriptionArgs{
			// Assessment key: the unique identifier for this assessment type.
			AssessmentMetadataName: pulumi.String("ca039e75-a276-4175-aebc-bcd41e4b14b7"),
			AssessmentType:         pulumi.String(security.AssessmentTypeCustomerManaged),
			DisplayName:            pulumi.String("Install endpoint protection solution on virtual machine scale sets"),
			Description:            pulumi.String("Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities."),
			// The remediation text embeds an HTML link that responders are expected
			// to follow; review changes to it like any other trust-bearing content.
			RemediationDescription: pulumi.String("To install an endpoint protection solution: 1. <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>"),
			Categories: pulumi.StringArray{
				pulumi.String(security.CategoriesCompute),
			},
			Threats: pulumi.StringArray{
				pulumi.String(security.ThreatsDataExfiltration),
				pulumi.String(security.ThreatsDataSpillage),
				pulumi.String(security.ThreatsMaliciousInsider),
			},
			// Triage attributes: severity of the finding, cost to fix it, impact on users.
			Severity:             pulumi.String(security.SeverityMedium),
			ImplementationEffort: pulumi.String(security.ImplementationEffortLow),
			UserImpact:           pulumi.String(security.UserImpactLow),
		}

		_, err := security.NewAssessmentMetadataInSubscription(ctx, "assessmentMetadataInSubscription", metadataArgs)
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.AssessmentMetadataInSubscription;
import com.pulumi.azurenative.security.AssessmentMetadataInSubscriptionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares customer-managed security assessment metadata
 * for the subscription.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the assessment metadata resource.
     *
     * @param ctx deployment context supplied by the Pulumi runtime (not read here)
     */
    public static void stack(Context ctx) {
        final var metadataArgs = AssessmentMetadataInSubscriptionArgs.builder()
            // Assessment key: the unique identifier for this assessment type.
            .assessmentMetadataName("ca039e75-a276-4175-aebc-bcd41e4b14b7")
            .assessmentType("CustomerManaged")
            .categories("Compute")
            .description("Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.")
            .displayName("Install endpoint protection solution on virtual machine scale sets")
            .implementationEffort("Low")
            // The remediation text embeds an HTML link that responders are expected
            // to follow; review changes to it like any other trust-bearing content.
            .remediationDescription("To install an endpoint protection solution: 1. <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>")
            .severity("Medium")
            .threats("dataExfiltration", "dataSpillage", "maliciousInsider")
            .userImpact("Low")
            .build();

        var endpointProtectionAssessment =
            new AssessmentMetadataInSubscription("assessmentMetadataInSubscription", metadataArgs);
    }
}
import pulumi
import pulumi_azure_native as azure_native
# Declares customer-managed security assessment metadata for the subscription.
assessment_metadata_in_subscription = azure_native.security.AssessmentMetadataInSubscription(
    "assessmentMetadataInSubscription",
    # Assessment key: the unique identifier for this assessment type.
    assessment_metadata_name="ca039e75-a276-4175-aebc-bcd41e4b14b7",
    assessment_type=azure_native.security.AssessmentType.CUSTOMER_MANAGED,
    display_name="Install endpoint protection solution on virtual machine scale sets",
    description="Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
    # The remediation text embeds an HTML link that responders are expected to
    # follow; review changes to it like any other trust-bearing content.
    remediation_description="To install an endpoint protection solution: 1. <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
    categories=[azure_native.security.Categories.COMPUTE],
    threats=[
        azure_native.security.Threats.DATA_EXFILTRATION,
        azure_native.security.Threats.DATA_SPILLAGE,
        azure_native.security.Threats.MALICIOUS_INSIDER,
    ],
    # Triage attributes: severity of the finding, cost to fix it, impact on users.
    severity=azure_native.security.Severity.MEDIUM,
    implementation_effort=azure_native.security.ImplementationEffort.LOW,
    user_impact=azure_native.security.UserImpact.LOW,
)
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Declares customer-managed security assessment metadata for the subscription.
const metadataArgs: azure_native.security.AssessmentMetadataInSubscriptionArgs = {
    // Assessment key: the unique identifier for this assessment type.
    assessmentMetadataName: "ca039e75-a276-4175-aebc-bcd41e4b14b7",
    assessmentType: azure_native.security.AssessmentType.CustomerManaged,
    displayName: "Install endpoint protection solution on virtual machine scale sets",
    description: "Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.",
    // The remediation text embeds an HTML link that responders are expected to
    // follow; review changes to it like any other trust-bearing content.
    remediationDescription: "To install an endpoint protection solution: 1. <a href=\"https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set\">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>",
    categories: [azure_native.security.Categories.Compute],
    threats: [
        azure_native.security.Threats.DataExfiltration,
        azure_native.security.Threats.DataSpillage,
        azure_native.security.Threats.MaliciousInsider,
    ],
    // Triage attributes: severity of the finding, cost to fix it, impact on users.
    severity: azure_native.security.Severity.Medium,
    implementationEffort: azure_native.security.ImplementationEffort.Low,
    userImpact: azure_native.security.UserImpact.Low,
};

const assessmentMetadataInSubscription = new azure_native.security.AssessmentMetadataInSubscription(
    "assessmentMetadataInSubscription",
    metadataArgs,
);
# Declares customer-managed security assessment metadata for the subscription.
resources:
  assessmentMetadataInSubscription:
    type: azure-native:security:AssessmentMetadataInSubscription
    properties:
      # Assessment key: the unique identifier for this assessment type.
      assessmentMetadataName: ca039e75-a276-4175-aebc-bcd41e4b14b7
      assessmentType: CustomerManaged
      categories: [Compute]
      description: Install an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities.
      displayName: Install endpoint protection solution on virtual machine scale sets
      implementationEffort: Low
      # The remediation text embeds an HTML link that responders are expected to
      # follow; review changes to it like any other trust-bearing content.
      remediationDescription: 'To install an endpoint protection solution: 1. <a href="https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-faq#how-do-i-turn-on-antimalware-in-my-virtual-machine-scale-set">Follow the instructions in How do I turn on antimalware in my virtual machine scale set</a>'
      severity: Medium
      threats: [dataExfiltration, dataSpillage, maliciousInsider]
      userImpact: Low
Create AssessmentMetadataInSubscription Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AssessmentMetadataInSubscription(name: string, args: AssessmentMetadataInSubscriptionArgs, opts?: CustomResourceOptions);
@overload
def AssessmentMetadataInSubscription(resource_name: str,
args: AssessmentMetadataInSubscriptionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AssessmentMetadataInSubscription(resource_name: str,
opts: Optional[ResourceOptions] = None,
display_name: Optional[str] = None,
assessment_type: Optional[Union[str, AssessmentType]] = None,
severity: Optional[Union[str, Severity]] = None,
preview: Optional[bool] = None,
description: Optional[str] = None,
implementation_effort: Optional[Union[str, ImplementationEffort]] = None,
partner_data: Optional[SecurityAssessmentMetadataPartnerDataArgs] = None,
planned_deprecation_date: Optional[str] = None,
assessment_metadata_name: Optional[str] = None,
publish_dates: Optional[SecurityAssessmentMetadataPropertiesResponsePublishDatesArgs] = None,
remediation_description: Optional[str] = None,
categories: Optional[Sequence[Union[str, Categories]]] = None,
tactics: Optional[Sequence[Union[str, Tactics]]] = None,
techniques: Optional[Sequence[Union[str, Techniques]]] = None,
threats: Optional[Sequence[Union[str, Threats]]] = None,
user_impact: Optional[Union[str, UserImpact]] = None)
func NewAssessmentMetadataInSubscription(ctx *Context, name string, args AssessmentMetadataInSubscriptionArgs, opts ...ResourceOption) (*AssessmentMetadataInSubscription, error)
public AssessmentMetadataInSubscription(string name, AssessmentMetadataInSubscriptionArgs args, CustomResourceOptions? opts = null)
public AssessmentMetadataInSubscription(String name, AssessmentMetadataInSubscriptionArgs args)
public AssessmentMetadataInSubscription(String name, AssessmentMetadataInSubscriptionArgs args, CustomResourceOptions options)
type: azure-native:security:AssessmentMetadataInSubscription
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AssessmentMetadataInSubscriptionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AssessmentMetadataInSubscriptionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AssessmentMetadataInSubscriptionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AssessmentMetadataInSubscriptionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AssessmentMetadataInSubscriptionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference shape only: every value below is a placeholder for the input's type.
var partnerData = new AzureNative.Security.Inputs.SecurityAssessmentMetadataPartnerDataArgs
{
    PartnerName = "string",
    // NOTE(review): presumably the credential that identifies the partner - confirm against
    // the PartnerData property docs. In a real program do not commit a literal here; read it
    // from encrypted stack configuration (e.g. new Pulumi.Config().RequireSecret("<config-key>"))
    // so the value is handled as a secret output.
    Secret = "string",
    ProductName = "string",
};

var publishDates = new AzureNative.Security.Inputs.SecurityAssessmentMetadataPropertiesResponsePublishDatesArgs
{
    Public = "string",
    GA = "string",
};

var assessmentMetadataInSubscriptionResource = new AzureNative.Security.AssessmentMetadataInSubscription(
    "assessmentMetadataInSubscriptionResource",
    new()
    {
        DisplayName = "string",
        AssessmentType = "string",
        Severity = "string",
        Preview = false,
        Description = "string",
        ImplementationEffort = "string",
        PartnerData = partnerData,
        PlannedDeprecationDate = "string",
        AssessmentMetadataName = "string",
        PublishDates = publishDates,
        RemediationDescription = "string",
        Categories = new[] { "string" },
        Tactics = new[] { "string" },
        Techniques = new[] { "string" },
        Threats = new[] { "string" },
        UserImpact = "string",
    });
// Reference shape only: every value below is a placeholder for the input's type.
partnerData := &security.SecurityAssessmentMetadataPartnerDataArgs{
	PartnerName: pulumi.String("string"),
	// NOTE(review): presumably the credential that identifies the partner - confirm
	// against the PartnerData property docs. In a real program do not commit a literal
	// here; read it from encrypted stack configuration (e.g. config.RequireSecret(ctx,
	// "<config-key>") from the pulumi/config package) so it is handled as a secret output.
	Secret:      pulumi.String("string"),
	ProductName: pulumi.String("string"),
}

publishDates := &security.SecurityAssessmentMetadataPropertiesResponsePublishDatesArgs{
	Public: pulumi.String("string"),
	GA:     pulumi.String("string"),
}

example, err := security.NewAssessmentMetadataInSubscription(ctx, "assessmentMetadataInSubscriptionResource", &security.AssessmentMetadataInSubscriptionArgs{
	DisplayName:            pulumi.String("string"),
	AssessmentType:         pulumi.String("string"),
	Severity:               pulumi.String("string"),
	Preview:                pulumi.Bool(false),
	Description:            pulumi.String("string"),
	ImplementationEffort:   pulumi.String("string"),
	PartnerData:            partnerData,
	PlannedDeprecationDate: pulumi.String("string"),
	AssessmentMetadataName: pulumi.String("string"),
	PublishDates:           publishDates,
	RemediationDescription: pulumi.String("string"),
	Categories:             pulumi.StringArray{pulumi.String("string")},
	Tactics:                pulumi.StringArray{pulumi.String("string")},
	Techniques:             pulumi.StringArray{pulumi.String("string")},
	Threats:                pulumi.StringArray{pulumi.String("string")},
	UserImpact:             pulumi.String("string"),
})
// Reference shape only: every value below is a placeholder for the input's type.
var partnerData = SecurityAssessmentMetadataPartnerDataArgs.builder()
    .partnerName("string")
    // NOTE(review): presumably the credential that identifies the partner - confirm against
    // the PartnerData property docs. In a real program do not commit a literal here; read it
    // from encrypted stack configuration (e.g. ctx.config().requireSecret("<config-key>")).
    .secret("string")
    .productName("string")
    .build();

var publishDates = SecurityAssessmentMetadataPropertiesResponsePublishDatesArgs.builder()
    .public_("string")
    .gA("string")
    .build();

var resourceArgs = AssessmentMetadataInSubscriptionArgs.builder()
    .displayName("string")
    .assessmentType("string")
    .severity("string")
    .preview(false)
    .description("string")
    .implementationEffort("string")
    .partnerData(partnerData)
    .plannedDeprecationDate("string")
    .assessmentMetadataName("string")
    .publishDates(publishDates)
    .remediationDescription("string")
    .categories("string")
    .tactics("string")
    .techniques("string")
    .threats("string")
    .userImpact("string")
    .build();

var assessmentMetadataInSubscriptionResource =
    new AssessmentMetadataInSubscription("assessmentMetadataInSubscriptionResource", resourceArgs);
# Reference shape only: every value below is a placeholder for the input's type.
partner_data = {
    "partner_name": "string",
    # NOTE(review): presumably the credential that identifies the partner - confirm
    # against the PartnerData property docs. In a real program do not commit a literal
    # here; read it from encrypted stack configuration
    # (e.g. pulumi.Config().require_secret("<config-key>")).
    "secret": "string",
    "product_name": "string",
}

publish_dates = {
    "public": "string",
    "g_a": "string",
}

assessment_metadata_in_subscription_resource = azure_native.security.AssessmentMetadataInSubscription(
    "assessmentMetadataInSubscriptionResource",
    display_name="string",
    assessment_type="string",
    severity="string",
    preview=False,
    description="string",
    implementation_effort="string",
    partner_data=partner_data,
    planned_deprecation_date="string",
    assessment_metadata_name="string",
    publish_dates=publish_dates,
    remediation_description="string",
    categories=["string"],
    tactics=["string"],
    techniques=["string"],
    threats=["string"],
    user_impact="string",
)
// Reference shape only: every value below is a placeholder for the input's type.
const partnerData = {
    partnerName: "string",
    // NOTE(review): presumably the credential that identifies the partner - confirm
    // against the PartnerData property docs. In a real program do not commit a literal
    // here; read it from encrypted stack configuration
    // (e.g. new pulumi.Config().requireSecret("<config-key>")).
    secret: "string",
    productName: "string",
};

const publishDates = {
    public: "string",
    gA: "string",
};

const assessmentMetadataInSubscriptionResource = new azure_native.security.AssessmentMetadataInSubscription(
    "assessmentMetadataInSubscriptionResource",
    {
        displayName: "string",
        assessmentType: "string",
        severity: "string",
        preview: false,
        description: "string",
        implementationEffort: "string",
        partnerData,
        plannedDeprecationDate: "string",
        assessmentMetadataName: "string",
        publishDates,
        remediationDescription: "string",
        categories: ["string"],
        tactics: ["string"],
        techniques: ["string"],
        threats: ["string"],
        userImpact: "string",
    },
);
# Reference shape only: every value below is a placeholder for the input's type.
type: azure-native:security:AssessmentMetadataInSubscription
properties:
  assessmentMetadataName: string
  assessmentType: string
  categories: [string]
  description: string
  displayName: string
  implementationEffort: string
  partnerData:
    partnerName: string
    productName: string
    # NOTE(review): presumably the credential that identifies the partner - confirm
    # against the PartnerData property docs. In a real program do not commit a literal
    # here; reference a stack configuration value that is stored as a secret.
    secret: string
  plannedDeprecationDate: string
  preview: false
  publishDates:
    gA: string
    public: string
  remediationDescription: string
  severity: string
  tactics: [string]
  techniques: [string]
  threats: [string]
  userImpact: string
AssessmentMetadataInSubscription Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AssessmentMetadataInSubscription resource accepts the following input properties:
- AssessmentType string | Pulumi.AzureNative.Security.AssessmentType
- BuiltIn if the assessment is based on a built-in Azure Policy definition, Custom if the assessment is based on a custom Azure Policy definition
- DisplayName string
- User friendly display name of the assessment
- Severity string | Pulumi.AzureNative.Security.Severity
- The severity level of the assessment
- AssessmentMetadataName string
- The Assessment Key - Unique key for the assessment type
- Categories List<Union<string, Pulumi.AzureNative.Security.Categories>>
- Description string
- Human readable description of the assessment
- ImplementationEffort string | Pulumi.AzureNative.Security.ImplementationEffort
- The implementation effort required to remediate this assessment
- PartnerData Pulumi.AzureNative.Security.Inputs.SecurityAssessmentMetadataPartnerData
- Describes the partner that created the assessment
- PlannedDeprecationDate string
- Preview bool
- True if this assessment is in preview release status
- PublishDates Pulumi.AzureNative.Security.Inputs.SecurityAssessmentMetadataPropertiesResponsePublishDates
- RemediationDescription string
- Human readable description of what you should do to mitigate this security issue
- Tactics List<Union<string, Pulumi.AzureNative.Security.Tactics>>
- Techniques List<Union<string, Pulumi.AzureNative.Security.Techniques>>
- Threats List<Union<string, Pulumi.AzureNative.Security.Threats>>
- UserImpact string | Pulumi.AzureNative.Security.UserImpact
- The user impact of the assessment
- AssessmentType string | AssessmentType
- BuiltIn if the assessment is based on a built-in Azure Policy definition, Custom if the assessment is based on a custom Azure Policy definition
- DisplayName string
- User friendly display name of the assessment
- Severity string | Severity
- The severity level of the assessment
- AssessmentMetadataName string
- The Assessment Key - Unique key for the assessment type
- Categories []string
- Description string
- Human readable description of the assessment
- ImplementationEffort string | ImplementationEffort
- The implementation effort required to remediate this assessment
- PartnerData SecurityAssessmentMetadataPartnerDataArgs
- Describes the partner that created the assessment
- PlannedDeprecationDate string
- Preview bool
- True if this assessment is in preview release status
- PublishDates SecurityAssessmentMetadataPropertiesResponsePublishDatesArgs
- RemediationDescription string
- Human readable description of what you should do to mitigate this security issue
- Tactics []string
- Techniques []string
- Threats []string
- UserImpact string | UserImpact
- The user impact of the assessment
- assessmentType String | AssessmentType
- BuiltIn if the assessment is based on a built-in Azure Policy definition, Custom if the assessment is based on a custom Azure Policy definition
- displayName String
- User friendly display name of the assessment
- severity String | Severity
- The severity level of the assessment
- assessmentMetadataName String
- The Assessment Key - Unique key for the assessment type
- categories List<Either<String,Categories>>
- description String
- Human readable description of the assessment
- implementationEffort String | ImplementationEffort
- The implementation effort required to remediate this assessment
- partnerData SecurityAssessmentMetadataPartnerData
- Describes the partner that created the assessment
- plannedDeprecationDate String
- preview Boolean
- True if this assessment is in preview release status
- publishDates SecurityAssessmentMetadataPropertiesResponsePublishDates
- remediationDescription String
- Human readable description of what you should do to mitigate this security issue
- tactics List<Either<String,Tactics>>
- techniques List<Either<String,Techniques>>
- threats List<Either<String,Threats>>
- userImpact String | UserImpact
- The user impact of the assessment
- assessmentType string | AssessmentType
- BuiltIn if the assessment is based on a built-in Azure Policy definition, Custom if the assessment is based on a custom Azure Policy definition
- displayName string
- User friendly display name of the assessment
- severity string | Severity
- The severity level of the assessment
- assessmentMetadataName string
- The Assessment Key - Unique key for the assessment type
- categories (string | Categories)[]
- description string
- Human readable description of the assessment
- implementationEffort string | ImplementationEffort
- The implementation effort required to remediate this assessment
- partnerData SecurityAssessmentMetadataPartnerData
- Describes the partner that created the assessment
- plannedDeprecationDate string
- preview boolean
- True if this assessment is in preview release status
- publishDates SecurityAssessmentMetadataPropertiesResponsePublishDates
- remediationDescription string
- Human readable description of what you should do to mitigate this security issue
- tactics (string | Tactics)[]
- techniques (string | Techniques)[]
- threats (string | Threats)[]
- userImpact string | UserImpact
- The user impact of the assessment
- assessment_
type str | AssessmentType - BuiltIn if the assessment based on built-in Azure Policy definition, Custom if the assessment based on custom Azure Policy definition
- display_
name str - User friendly display name of the assessment
- severity str | Severity
- The severity level of the assessment
- assessment_
metadata_ strname - The Assessment Key - Unique key for the assessment type
- categories Sequence[Union[str, Categories]]
- description str
- Human readable description of the assessment
- implementation_effort str | ImplementationEffort
- The implementation effort required to remediate this assessment
- partner_data SecurityAssessmentMetadataPartnerDataArgs
- Describes the partner that created the assessment
- planned_deprecation_date str
- preview bool
- True if this assessment is in preview release status
- publish_dates SecurityAssessmentMetadataPropertiesResponsePublishDatesArgs
- remediation_description str
- Human readable description of what you should do to mitigate this security issue
- tactics Sequence[Union[str, Tactics]]
- techniques Sequence[Union[str, Techniques]]
- threats Sequence[Union[str, Threats]]
- user_
impact str | UserImpact - The user impact of the assessment
- assessmentType String | "BuiltIn" | "CustomPolicy" | "CustomerManaged"
- BuiltIn if the assessment is based on a built-in Azure Policy definition, Custom if the assessment is based on a custom Azure Policy definition
- display
Name String - User friendly display name of the assessment
- severity String | "Low" | "Medium" | "High"
- The severity level of the assessment
- assessment
Metadata StringName - The Assessment Key - Unique key for the assessment type
- categories List<String | "Compute" | "Networking" | "Data" | "IdentityAndAccess" | "IoT">
- description String
- Human readable description of the assessment
- implementation
Effort String | "Low" | "Moderate" | "High" - The implementation effort required to remediate this assessment
- partner
Data Property Map - Describes the partner that created the assessment
- planned
Deprecation StringDate - preview Boolean
- True if this assessment is in preview release status
- publish
Dates Property Map - remediation
Description String - Human readable description of what you should do to mitigate this security issue
- tactics List<String | "Reconnaissance" | "Resource Development" | "Initial Access" | "Execution" | "Persistence" | "Privilege Escalation" | "Defense Evasion" | "Credential Access" | "Discovery" | "Lateral Movement" | "Collection" | "Command and Control" | "Exfiltration" | "Impact">
- techniques List<String | "Abuse Elevation Control Mechanism" | "Access Token Manipulation" | "Account Discovery" | "Account Manipulation" | "Active Scanning" | "Application Layer Protocol" | "Audio Capture" | "Boot or Logon Autostart Execution" | "Boot or Logon Initialization Scripts" | "Brute Force" | "Cloud Infrastructure Discovery" | "Cloud Service Dashboard" | "Cloud Service Discovery" | "Command and Scripting Interpreter" | "Compromise Client Software Binary" | "Compromise Infrastructure" | "Container and Resource Discovery" | "Create Account" | "Create or Modify System Process" | "Credentials from Password Stores" | "Data Destruction" | "Data Encrypted for Impact" | "Data from Cloud Storage Object" | "Data from Configuration Repository" | "Data from Information Repositories" | "Data from Local System" | "Data Manipulation" | "Data Staged" | "Defacement" | "Deobfuscate/Decode Files or Information" | "Disk Wipe" | "Domain Trust Discovery" | "Drive-by Compromise" | "Dynamic Resolution" | "Endpoint Denial of Service" | "Event Triggered Execution" | "Exfiltration Over Alternative Protocol" | "Exploit Public-Facing Application" | "Exploitation for Client Execution" | "Exploitation for Credential Access" | "Exploitation for Defense Evasion" | "Exploitation for Privilege Escalation" | "Exploitation of Remote Services" | "External Remote Services" | "Fallback Channels" | "File and Directory Discovery" | "Gather Victim Network Information" | "Hide Artifacts" | "Hijack Execution Flow" | "Impair Defenses" | "Implant Container Image" | "Indicator Removal on Host" | "Indirect Command Execution" | "Ingress Tool Transfer" | "Input Capture" | "Inter-Process Communication" | "Lateral Tool Transfer" | "Man-in-the-Middle" | "Masquerading" | "Modify Authentication Process" | "Modify Registry" | "Network Denial of Service" | "Network Service Scanning" | "Network Sniffing" | "Non-Application Layer Protocol" | "Non-Standard Port" | "Obtain Capabilities" | "Obfuscated Files or 
Information" | "Office Application Startup" | "OS Credential Dumping" | "Permission Groups Discovery" | "Phishing" | "Pre-OS Boot" | "Process Discovery" | "Process Injection" | "Protocol Tunneling" | "Proxy" | "Query Registry" | "Remote Access Software" | "Remote Service Session Hijacking" | "Remote Services" | "Remote System Discovery" | "Resource Hijacking" | "Scheduled Task/Job" | "Screen Capture" | "Search Victim-Owned Websites" | "Server Software Component" | "Service Stop" | "Signed Binary Proxy Execution" | "Software Deployment Tools" | "SQL Stored Procedures" | "Steal or Forge Kerberos Tickets" | "Subvert Trust Controls" | "Supply Chain Compromise" | "System Information Discovery" | "Taint Shared Content" | "Traffic Signaling" | "Transfer Data to Cloud Account" | "Trusted Relationship" | "Unsecured Credentials" | "User Execution" | "Valid Accounts" | "Windows Management Instrumentation" | "File and Directory Permissions Modification">
- threats List<String | "accountBreach" | "dataExfiltration" | "dataSpillage" | "maliciousInsider" | "elevationOfPrivilege" | "threatResistance" | "missingCoverage" | "denialOfService">
- userImpact String | "Low" | "Moderate" | "High"
- The user impact of the assessment
Outputs
All input properties are implicitly available as output properties. Additionally, the AssessmentMetadataInSubscription resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Resource name
- PolicyDefinitionId string
- Azure resource ID of the policy definition that turns this assessment calculation on
- Type string
- Resource type
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Resource name
- Policy
Definition stringId - Azure resource ID of the policy definition that turns this assessment calculation on
- Type string
- Resource type
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Resource name
- policy
Definition StringId - Azure resource ID of the policy definition that turns this assessment calculation on
- type String
- Resource type
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- Resource name
- policy
Definition stringId - Azure resource ID of the policy definition that turns this assessment calculation on
- type string
- Resource type
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- Resource name
- policy_definition_id str
- Azure resource ID of the policy definition that turns this assessment calculation on
- type str
- Resource type
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Resource name
- policy
Definition StringId - Azure resource ID of the policy definition that turns this assessment calculation on
- type String
- Resource type
Supporting Types
AssessmentType, AssessmentTypeArgs
- BuiltIn
- BuiltIn - Microsoft Defender for Cloud managed assessments
- CustomPolicy
- CustomPolicy - User defined policies that are automatically ingested from Azure Policy to Microsoft Defender for Cloud
- CustomerManaged
- CustomerManaged - User assessments pushed directly by the user or other third party to Microsoft Defender for Cloud
- Assessment
Type Built In - BuiltInMicrosoft Defender for Cloud managed assessments
- Assessment
Type Custom Policy - CustomPolicyUser defined policies that are automatically ingested from Azure Policy to Microsoft Defender for Cloud
- Assessment
Type Customer Managed - CustomerManagedUser assessments pushed directly by the user or other third party to Microsoft Defender for Cloud
- Built
In - BuiltInMicrosoft Defender for Cloud managed assessments
- Custom
Policy - CustomPolicyUser defined policies that are automatically ingested from Azure Policy to Microsoft Defender for Cloud
- Customer
Managed - CustomerManagedUser assessments pushed directly by the user or other third party to Microsoft Defender for Cloud
- Built
In - BuiltInMicrosoft Defender for Cloud managed assessments
- Custom
Policy - CustomPolicyUser defined policies that are automatically ingested from Azure Policy to Microsoft Defender for Cloud
- Customer
Managed - CustomerManagedUser assessments pushed directly by the user or other third party to Microsoft Defender for Cloud
- BUILT_IN
- BuiltIn - Microsoft Defender for Cloud managed assessments
- CUSTOM_POLICY
- CustomPolicy - User defined policies that are automatically ingested from Azure Policy to Microsoft Defender for Cloud
- CUSTOMER_MANAGED
- CustomerManaged - User assessments pushed directly by the user or other third party to Microsoft Defender for Cloud
- "Built
In" - BuiltInMicrosoft Defender for Cloud managed assessments
- "Custom
Policy" - CustomPolicyUser defined policies that are automatically ingested from Azure Policy to Microsoft Defender for Cloud
- "Customer
Managed" - CustomerManagedUser assessments pushed directly by the user or other third party to Microsoft Defender for Cloud
Categories, CategoriesArgs
- Compute
- Compute
- Networking
- Networking
- Data
- Data
- IdentityAndAccess
- IdentityAndAccess
- IoT
- IoT
- Categories
Compute - Compute
- Categories
Networking - Networking
- Categories
Data - Data
- Categories
Identity And Access - IdentityAndAccess
- Categories
Io T - IoT
- Compute
- Compute
- Networking
- Networking
- Data
- Data
- Identity
And Access - IdentityAndAccess
- Io
T - IoT
- Compute
- Compute
- Networking
- Networking
- Data
- Data
- Identity
And Access - IdentityAndAccess
- Io
T - IoT
- COMPUTE
- Compute
- NETWORKING
- Networking
- DATA
- Data
- IDENTITY_AND_ACCESS
- IdentityAndAccess
- IO_T
- IoT
- "Compute"
- Compute
- "Networking"
- Networking
- "Data"
- Data
- "Identity
And Access" - IdentityAndAccess
- "Io
T" - IoT
ImplementationEffort, ImplementationEffortArgs
- Low
- Low
- Moderate
- Moderate
- High
- High
- Implementation
Effort Low - Low
- Implementation
Effort Moderate - Moderate
- Implementation
Effort High - High
- Low
- Low
- Moderate
- Moderate
- High
- High
- Low
- Low
- Moderate
- Moderate
- High
- High
- LOW
- Low
- MODERATE
- Moderate
- HIGH
- High
- "Low"
- Low
- "Moderate"
- Moderate
- "High"
- High
SecurityAssessmentMetadataPartnerData, SecurityAssessmentMetadataPartnerDataArgs
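- PartnerName string
- Name of the company of the partner
- Secret string
- Secret to authenticate the partner and verify it created the assessment - write only. Pass it as a Pulumi secret (for example from encrypted stack configuration) rather than as a literal in program source, so that it is not stored in plain text in the stack state or printed in CLI output.
- ProductName string
- Name of the product of the partner that created the assessment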
- Partner
Name string - Name of the company of the partner
- Secret string
- Secret to authenticate the partner and verify it created the assessment - write only
- Product
Name string - Name of the product of the partner that created the assessment
- partner
Name String - Name of the company of the partner
- secret String
- Secret to authenticate the partner and verify it created the assessment - write only
- product
Name String - Name of the product of the partner that created the assessment
- partner
Name string - Name of the company of the partner
- secret string
- Secret to authenticate the partner and verify it created the assessment - write only
- product
Name string - Name of the product of the partner that created the assessment
- partner_
name str - Name of the company of the partner
- secret str
- Secret to authenticate the partner and verify it created the assessment - write only
- product_
name str - Name of the product of the partner that created the assessment
- partner
Name String - Name of the company of the partner
- secret String
- Secret to authenticate the partner and verify it created the assessment - write only
- product
Name String - Name of the product of the partner that created the assessment
SecurityAssessmentMetadataPartnerDataResponse, SecurityAssessmentMetadataPartnerDataResponseArgs
- Partner
Name string - Name of the company of the partner
- Secret string
- Secret to authenticate the partner and verify it created the assessment - write only
- Product
Name string - Name of the product of the partner that created the assessment
- Partner
Name string - Name of the company of the partner
- Secret string
- Secret to authenticate the partner and verify it created the assessment - write only
- Product
Name string - Name of the product of the partner that created the assessment
- partner
Name String - Name of the company of the partner
- secret String
- Secret to authenticate the partner and verify it created the assessment - write only
- product
Name String - Name of the product of the partner that created the assessment
- partner
Name string - Name of the company of the partner
- secret string
- Secret to authenticate the partner and verify it created the assessment - write only
- product
Name string - Name of the product of the partner that created the assessment
- partner_
name str - Name of the company of the partner
- secret str
- Secret to authenticate the partner and verify it created the assessment - write only
- product_
name str - Name of the product of the partner that created the assessment
- partner
Name String - Name of the company of the partner
- secret String
- Secret to authenticate the partner and verify it created the assessment - write only
- product
Name String - Name of the product of the partner that created the assessment
SecurityAssessmentMetadataPropertiesResponsePublishDates, SecurityAssessmentMetadataPropertiesResponsePublishDatesArgs
SecurityAssessmentMetadataPropertiesResponseResponsePublishDates, SecurityAssessmentMetadataPropertiesResponseResponsePublishDatesArgs
Severity, SeverityArgs
- Low
- Low
- Medium
- Medium
- High
- High
- Severity
Low - Low
- Severity
Medium - Medium
- Severity
High - High
- Low
- Low
- Medium
- Medium
- High
- High
- Low
- Low
- Medium
- Medium
- High
- High
- LOW
- Low
- MEDIUM
- Medium
- HIGH
- High
- "Low"
- Low
- "Medium"
- Medium
- "High"
- High
Tactics, TacticsArgs
- Reconnaissance
- Reconnaissance
- Resource_Development
- Resource Development
- Initial_Access
- Initial Access
- Execution
- Execution
- Persistence
- Persistence
- Privilege_Escalation
- Privilege Escalation
- Defense_Evasion
- Defense Evasion
- Credential_Access
- Credential Access
- Discovery
- Discovery
- Lateral_Movement
- Lateral Movement
- Collection
- Collection
- Command_and_Control
- Command and Control
- Exfiltration
- Exfiltration
- Impact
- Impact
- Tactics
Reconnaissance - Reconnaissance
- Tactics_Resource_Development
- Resource Development
- Tactics_Initial_Access
- Initial Access
- Tactics
Execution - Execution
- Tactics
Persistence - Persistence
- Tactics_Privilege_Escalation
- Privilege Escalation
- Tactics_Defense_Evasion
- Defense Evasion
- Tactics_Credential_Access
- Credential Access
- Tactics
Discovery - Discovery
- Tactics_Lateral_Movement
- Lateral Movement
- Tactics
Collection - Collection
- Tactics_Command_
and_Control - Command and Control
- Tactics
Exfiltration - Exfiltration
- Tactics
Impact - Impact
- Reconnaissance
- Reconnaissance
- Resource_Development
- Resource Development
- Initial_Access
- Initial Access
- Execution
- Execution
- Persistence
- Persistence
- Privilege_Escalation
- Privilege Escalation
- Defense_Evasion
- Defense Evasion
- Credential_Access
- Credential Access
- Discovery
- Discovery
- Lateral_Movement
- Lateral Movement
- Collection
- Collection
- Command_
and_Control - Command and Control
- Exfiltration
- Exfiltration
- Impact
- Impact
- Reconnaissance
- Reconnaissance
- Resource_Development
- Resource Development
- Initial_Access
- Initial Access
- Execution
- Execution
- Persistence
- Persistence
- Privilege_Escalation
- Privilege Escalation
- Defense_Evasion
- Defense Evasion
- Credential_Access
- Credential Access
- Discovery
- Discovery
- Lateral_Movement
- Lateral Movement
- Collection
- Collection
- Command_
and_Control - Command and Control
- Exfiltration
- Exfiltration
- Impact
- Impact
- RECONNAISSANCE
- Reconnaissance
- RESOURCE_DEVELOPMENT
- Resource Development
- INITIAL_ACCESS
- Initial Access
- EXECUTION
- Execution
- PERSISTENCE
- Persistence
- PRIVILEGE_ESCALATION
- Privilege Escalation
- DEFENSE_EVASION
- Defense Evasion
- CREDENTIAL_ACCESS
- Credential Access
- DISCOVERY
- Discovery
- LATERAL_MOVEMENT
- Lateral Movement
- COLLECTION
- Collection
- COMMAND_AND_CONTROL
- Command and Control
- EXFILTRATION
- Exfiltration
- IMPACT
- Impact
- "Reconnaissance"
- Reconnaissance
- "Resource Development"
- Resource Development
- "Initial Access"
- Initial Access
- "Execution"
- Execution
- "Persistence"
- Persistence
- "Privilege Escalation"
- Privilege Escalation
- "Defense Evasion"
- Defense Evasion
- "Credential Access"
- Credential Access
- "Discovery"
- Discovery
- "Lateral Movement"
- Lateral Movement
- "Collection"
- Collection
- "Command and Control"
- Command and Control
- "Exfiltration"
- Exfiltration
- "Impact"
- Impact
Techniques, TechniquesArgs
- Abuse_Elevation_Control_Mechanism
- Abuse Elevation Control Mechanism
- Access_Token_Manipulation
- Access Token Manipulation
- Account_Discovery
- Account Discovery
- Account_Manipulation
- Account Manipulation
- Active_Scanning
- Active Scanning
- Application_Layer_Protocol
- Application Layer Protocol
- Audio_Capture
- Audio Capture
- Boot_
or_Logon_Autostart_Execution - Boot or Logon Autostart Execution
- Boot_
or_Logon_Initialization_Scripts - Boot or Logon Initialization Scripts
- Brute_Force
- Brute Force
- Cloud_Infrastructure_Discovery
- Cloud Infrastructure Discovery
- Cloud_Service_Dashboard
- Cloud Service Dashboard
- Cloud_Service_Discovery
- Cloud Service Discovery
- Command_
and_Scripting_Interpreter - Command and Scripting Interpreter
- Compromise_Client_Software_Binary
- Compromise Client Software Binary
- Compromise_Infrastructure
- Compromise Infrastructure
- Container_
and_Resource_Discovery - Container and Resource Discovery
- Create_Account
- Create Account
- Create_
or_Modify_System_Process - Create or Modify System Process
- Credentials_
from_Password_Stores - Credentials from Password Stores
- Data_Destruction
- Data Destruction
- Data_Encrypted_
for_Impact - Data Encrypted for Impact
- Data_
from_Cloud_Storage_Object - Data from Cloud Storage Object
- Data_
from_Configuration_Repository - Data from Configuration Repository
- Data_
from_Information_Repositories - Data from Information Repositories
- Data_
from_Local_System - Data from Local System
- Data_Manipulation
- Data Manipulation
- Data_Staged
- Data Staged
- Defacement
- Defacement
- Deobfuscate_Decode_Files_
or_Information - Deobfuscate/Decode Files or Information
- Disk_Wipe
- Disk Wipe
- Domain_Trust_Discovery
- Domain Trust Discovery
- Drive_
by_Compromise - Drive-by Compromise
- Dynamic_Resolution
- Dynamic Resolution
- Endpoint_Denial_
of_Service - Endpoint Denial of Service
- Event_Triggered_Execution
- Event Triggered Execution
- Exfiltration_Over_Alternative_Protocol
- Exfiltration Over Alternative Protocol
- Exploit_Public_Facing_Application
- Exploit Public-Facing Application
- Exploitation_
for_Client_Execution - Exploitation for Client Execution
- Exploitation_
for_Credential_Access - Exploitation for Credential Access
- Exploitation_
for_Defense_Evasion - Exploitation for Defense Evasion
- Exploitation_
for_Privilege_Escalation - Exploitation for Privilege Escalation
- Exploitation_
of_Remote_Services - Exploitation of Remote Services
- External_Remote_Services
- External Remote Services
- Fallback_Channels
- Fallback Channels
- File_
and_Directory_Discovery - File and Directory Discovery
- Gather_Victim_Network_Information
- Gather Victim Network Information
- Hide_Artifacts
- Hide Artifacts
- Hijack_Execution_Flow
- Hijack Execution Flow
- Impair_Defenses
- Impair Defenses
- Implant_Container_Image
- Implant Container Image
- Indicator_Removal_
on_Host - Indicator Removal on Host
- Indirect_Command_Execution
- Indirect Command Execution
- Ingress_Tool_Transfer
- Ingress Tool Transfer
- Input_Capture
- Input Capture
- Inter_Process_Communication
- Inter-Process Communication
- Lateral_Tool_Transfer
- Lateral Tool Transfer
- Man_in_the_Middle
- Man-in-the-Middle
- Masquerading
- Masquerading
- Modify_Authentication_Process
- Modify Authentication Process
- Modify_Registry
- Modify Registry
- Network_Denial_
of_Service - Network Denial of Service
- Network_Service_Scanning
- Network Service Scanning
- Network_Sniffing
- Network Sniffing
- Non_Application_Layer_Protocol
- Non-Application Layer Protocol
- Non_Standard_Port
- Non-Standard Port
- Obtain_Capabilities
- Obtain Capabilities
- Obfuscated_Files_
or_Information - Obfuscated Files or Information
- Office_Application_Startup
- Office Application Startup
- OS_Credential_Dumping
- OS Credential Dumping
- Permission_Groups_Discovery
- Permission Groups Discovery
- Phishing
- Phishing
- Pre_OS_Boot
- Pre-OS Boot
- Process_Discovery
- Process Discovery
- Process_Injection
- Process Injection
- Protocol_Tunneling
- Protocol Tunneling
- Proxy
- Proxy
- Query_Registry
- Query Registry
- Remote_Access_Software
- Remote Access Software
- Remote_Service_Session_Hijacking
- Remote Service Session Hijacking
- Remote_Services
- Remote Services
- Remote_System_Discovery
- Remote System Discovery
- Resource_Hijacking
- Resource Hijacking
- Scheduled_Task_Job
- Scheduled Task/Job
- Screen_Capture
- Screen Capture
- Search_Victim_Owned_Websites
- Search Victim-Owned Websites
- Server_Software_Component
- Server Software Component
- Service_Stop
- Service Stop
- Signed_Binary_Proxy_Execution
- Signed Binary Proxy Execution
- Software_Deployment_Tools
- Software Deployment Tools
- SQL_Stored_Procedures
- SQL Stored Procedures
- Steal_
or_Forge_Kerberos_Tickets - Steal or Forge Kerberos Tickets
- Subvert_Trust_Controls
- Subvert Trust Controls
- Supply_Chain_Compromise
- Supply Chain Compromise
- System_Information_Discovery
- System Information Discovery
- Taint_Shared_Content
- Taint Shared Content
- Traffic_Signaling
- Traffic Signaling
- Transfer_Data_
to_Cloud_Account - Transfer Data to Cloud Account
- Trusted_Relationship
- Trusted Relationship
- Unsecured_Credentials
- Unsecured Credentials
- User_Execution
- User Execution
- Valid_Accounts
- Valid Accounts
- Windows_Management_Instrumentation
- Windows Management Instrumentation
- File_
and_Directory_Permissions_Modification - File and Directory Permissions Modification
- Techniques_Abuse_Elevation_Control_Mechanism
- Abuse Elevation Control Mechanism
- Techniques_Access_Token_Manipulation
- Access Token Manipulation
- Techniques_Account_Discovery
- Account Discovery
- Techniques_Account_Manipulation
- Account Manipulation
- Techniques_Active_Scanning
- Active Scanning
- Techniques_Application_Layer_Protocol
- Application Layer Protocol
- Techniques_Audio_Capture
- Audio Capture
- Techniques_Boot_
or_Logon_Autostart_Execution - Boot or Logon Autostart Execution
- Techniques_Boot_
or_Logon_Initialization_Scripts - Boot or Logon Initialization Scripts
- Techniques_Brute_Force
- Brute Force
- Techniques_Cloud_Infrastructure_Discovery
- Cloud Infrastructure Discovery
- Techniques_Cloud_Service_Dashboard
- Cloud Service Dashboard
- Techniques_Cloud_Service_Discovery
- Cloud Service Discovery
- Techniques_Command_
and_Scripting_Interpreter - Command and Scripting Interpreter
- Techniques_Compromise_Client_Software_Binary
- Compromise Client Software Binary
- Techniques_Compromise_Infrastructure
- Compromise Infrastructure
- Techniques_Container_
and_Resource_Discovery - Container and Resource Discovery
- Techniques_Create_Account
- Create Account
- Techniques_Create_
or_Modify_System_Process - Create or Modify System Process
- Techniques_Credentials_
from_Password_Stores - Credentials from Password Stores
- Techniques_Data_Destruction
- Data Destruction
- Techniques_Data_Encrypted_
for_Impact - Data Encrypted for Impact
- Techniques_Data_
from_Cloud_Storage_Object - Data from Cloud Storage Object
- Techniques_Data_
from_Configuration_Repository - Data from Configuration Repository
- Techniques_Data_
from_Information_Repositories - Data from Information Repositories
- Techniques_Data_
from_Local_System - Data from Local System
- Techniques_Data_Manipulation
- Data Manipulation
- Techniques_Data_Staged
- Data Staged
- Techniques
Defacement - Defacement
- Techniques_Deobfuscate_Decode_Files_
or_Information - Deobfuscate/Decode Files or Information
- Techniques_Disk_Wipe
- Disk Wipe
- Techniques_Domain_Trust_Discovery
- Domain Trust Discovery
- Techniques_Drive_By_Compromise
- Drive-by Compromise
- Techniques_Dynamic_Resolution
- Dynamic Resolution
- Techniques_Endpoint_Denial_
of_Service - Endpoint Denial of Service
- Techniques_Event_Triggered_Execution
- Event Triggered Execution
- Techniques_Exfiltration_Over_Alternative_Protocol
- Exfiltration Over Alternative Protocol
- Techniques_Exploit_Public_Facing_Application
- Exploit Public-Facing Application
- Techniques_Exploitation_
for_Client_Execution - Exploitation for Client Execution
- Techniques_Exploitation_
for_Credential_Access - Exploitation for Credential Access
- Techniques_Exploitation_
for_Defense_Evasion - Exploitation for Defense Evasion
- Techniques_Exploitation_
for_Privilege_Escalation - Exploitation for Privilege Escalation
- Techniques_Exploitation_
of_Remote_Services - Exploitation of Remote Services
- Techniques_External_Remote_Services
- External Remote Services
- Techniques_Fallback_Channels
- Fallback Channels
- Techniques_File_
and_Directory_Discovery - File and Directory Discovery
- Techniques_Gather_Victim_Network_Information
- Gather Victim Network Information
- Techniques_Hide_Artifacts
- Hide Artifacts
- Techniques_Hijack_Execution_Flow
- Hijack Execution Flow
- Techniques_Impair_Defenses
- Impair Defenses
- Techniques_Implant_Container_Image
- Implant Container Image
- Techniques_Indicator_Removal_
on_Host - Indicator Removal on Host
- Techniques_Indirect_Command_Execution
- Indirect Command Execution
- Techniques_Ingress_Tool_Transfer
- Ingress Tool Transfer
- Techniques_Input_Capture
- Input Capture
- Techniques_Inter_Process_Communication
- Inter-Process Communication
- Techniques_Lateral_Tool_Transfer
- Lateral Tool Transfer
- Techniques_Man_In_The_Middle
- Man-in-the-Middle
- Techniques
Masquerading - Masquerading
- Techniques_Modify_Authentication_Process
- Modify Authentication Process
- Techniques_Modify_Registry
- Modify Registry
- Techniques_Network_Denial_
of_Service - Network Denial of Service
- Techniques_Network_Service_Scanning
- Network Service Scanning
- Techniques_Network_Sniffing
- Network Sniffing
- Techniques_Non_Application_Layer_Protocol
- Non-Application Layer Protocol
- Techniques_Non_Standard_Port
- Non-Standard Port
- Techniques_Obtain_Capabilities
- Obtain Capabilities
- Techniques_Obfuscated_Files_
or_Information - Obfuscated Files or Information
- Techniques_Office_Application_Startup
- Office Application Startup
- Techniques_OS_Credential_Dumping
- OS Credential Dumping
- Techniques_Permission_Groups_Discovery
- Permission Groups Discovery
- Techniques
Phishing - Phishing
- Techniques_Pre_OS_Boot
- Pre-OS Boot
- Techniques_Process_Discovery
- Process Discovery
- Techniques_Process_Injection
- Process Injection
- Techniques_Protocol_Tunneling
- Protocol Tunneling
- Techniques
Proxy - Proxy
- Techniques_Query_Registry
- Query Registry
- Techniques_Remote_Access_Software
- Remote Access Software
- Techniques_Remote_Service_Session_Hijacking
- Remote Service Session Hijacking
- Techniques_Remote_Services
- Remote Services
- Techniques_Remote_System_Discovery
- Remote System Discovery
- Techniques_Resource_Hijacking
- Resource Hijacking
- Techniques_Scheduled_Task_Job
- Scheduled Task/Job
- Techniques_Screen_Capture
- Screen Capture
- Techniques_Search_Victim_Owned_Websites
- Search Victim-Owned Websites
- Techniques_Server_Software_Component
- Server Software Component
- Techniques_Service_Stop
- Service Stop
- Techniques_Signed_Binary_Proxy_Execution
- Signed Binary Proxy Execution
- Techniques_Software_Deployment_Tools
- Software Deployment Tools
- Techniques_SQL_Stored_Procedures
- SQL Stored Procedures
- Techniques_Steal_
or_Forge_Kerberos_Tickets - Steal or Forge Kerberos Tickets
- Techniques_Subvert_Trust_Controls
- Subvert Trust Controls
- Techniques_Supply_Chain_Compromise
- Supply Chain Compromise
- Techniques_System_Information_Discovery
- System Information Discovery
- Techniques_Taint_Shared_Content
- Taint Shared Content
- Techniques_Traffic_Signaling
- Traffic Signaling
- Techniques_Transfer_Data_
to_Cloud_Account - Transfer Data to Cloud Account
- Techniques_Trusted_Relationship
- Trusted Relationship
- Techniques_Unsecured_Credentials
- Unsecured Credentials
- Techniques_User_Execution
- User Execution
- Techniques_Valid_Accounts
- Valid Accounts
- Techniques_Windows_Management_Instrumentation
- Windows Management Instrumentation
- Techniques_File_
and_Directory_Permissions_Modification - File and Directory Permissions Modification
- Abuse_Elevation_Control_Mechanism
- Abuse Elevation Control Mechanism
- Access_Token_Manipulation
- Access Token Manipulation
- Account_Discovery
- Account Discovery
- Account_Manipulation
- Account Manipulation
- Active_Scanning
- Active Scanning
- Application_Layer_Protocol
- Application Layer Protocol
- Audio_Capture
- Audio Capture
- Boot_
or_Logon_Autostart_Execution - Boot or Logon Autostart Execution
- Boot_
or_Logon_Initialization_Scripts - Boot or Logon Initialization Scripts
- Brute_Force
- Brute Force
- Cloud_Infrastructure_Discovery
- Cloud Infrastructure Discovery
- Cloud_Service_Dashboard
- Cloud Service Dashboard
- Cloud_Service_Discovery
- Cloud Service Discovery
- Command_
and_Scripting_Interpreter - Command and Scripting Interpreter
- Compromise_Client_Software_Binary
- Compromise Client Software Binary
- Compromise_Infrastructure
- Compromise Infrastructure
- Container_
and_Resource_Discovery - Container and Resource Discovery
- Create_Account
- Create Account
- Create_
or_Modify_System_Process - Create or Modify System Process
- Credentials_
from_Password_Stores - Credentials from Password Stores
- Data_Destruction
- Data Destruction
- Data_Encrypted_
for_Impact - Data Encrypted for Impact
- Data_
from_Cloud_Storage_Object - Data from Cloud Storage Object
- Data_
from_Configuration_Repository - Data from Configuration Repository
- Data_
from_Information_Repositories - Data from Information Repositories
- Data_
from_Local_System - Data from Local System
- Data_Manipulation
- Data Manipulation
- Data_Staged
- Data Staged
- Defacement
- Defacement
- Deobfuscate_Decode_Files_
or_Information - Deobfuscate/Decode Files or Information
- Disk_Wipe
- Disk Wipe
- Domain_Trust_Discovery
- Domain Trust Discovery
- Driveby_Compromise
- Drive-by Compromise
- Dynamic_Resolution
- Dynamic Resolution
- Endpoint_Denial_
of_Service - Endpoint Denial of Service
- Event_Triggered_Execution
- Event Triggered Execution
- Exfiltration_Over_Alternative_Protocol
- Exfiltration Over Alternative Protocol
- Exploit_Public
Facing_Application - Exploit Public-Facing Application
- Exploitation_
for_Client_Execution - Exploitation for Client Execution
- Exploitation_
for_Credential_Access - Exploitation for Credential Access
- Exploitation_
for_Defense_Evasion - Exploitation for Defense Evasion
- Exploitation_
for_Privilege_Escalation - Exploitation for Privilege Escalation
- Exploitation_
of_Remote_Services - Exploitation of Remote Services
- External_Remote_Services
- External Remote Services
- Fallback_Channels
- Fallback Channels
- File_
and_Directory_Discovery - File and Directory Discovery
- Gather_Victim_Network_Information
- Gather Victim Network Information
- Hide_Artifacts
- Hide Artifacts
- Hijack_Execution_Flow
- Hijack Execution Flow
- Impair_Defenses
- Impair Defenses
- Implant_Container_Image
- Implant Container Image
- Indicator_Removal_
on_Host - Indicator Removal on Host
- Indirect_Command_Execution
- Indirect Command Execution
- Ingress_Tool_Transfer
- Ingress Tool Transfer
- Input_Capture
- Input Capture
- Inter
Process_Communication - Inter-Process Communication
- Lateral_Tool_Transfer
- Lateral Tool Transfer
- Maninthe
Middle - Man-in-the-Middle
- Masquerading
- Masquerading
- Modify_Authentication_Process
- Modify Authentication Process
- Modify_Registry
- Modify Registry
- Network_Denial_
of_Service - Network Denial of Service
- Network_Service_Scanning
- Network Service Scanning
- Network_Sniffing
- Network Sniffing
- Non
Application_Layer_Protocol - Non-Application Layer Protocol
- Non
Standard_Port - Non-Standard Port
- Obtain_Capabilities
- Obtain Capabilities
- Obfuscated_Files_
or_Information - Obfuscated Files or Information
- Office_Application_Startup
- Office Application Startup
- OS_Credential_Dumping
- OS Credential Dumping
- Permission_Groups_Discovery
- Permission Groups Discovery
- Phishing
- Phishing
- Pre
OS_Boot - Pre-OS Boot
- Process_Discovery
- Process Discovery
- Process_Injection
- Process Injection
- Protocol_Tunneling
- Protocol Tunneling
- Proxy
- Proxy
- Query_Registry
- Query Registry
- Remote_Access_Software
- Remote Access Software
- Remote_Service_Session_Hijacking
- Remote Service Session Hijacking
- Remote_Services
- Remote Services
- Remote_System_Discovery
- Remote System Discovery
- Resource_Hijacking
- Resource Hijacking
- Scheduled_Task_Job
- Scheduled Task/Job
- Screen_Capture
- Screen Capture
- Search_Victim
Owned_Websites - Search Victim-Owned Websites
- Server_Software_Component
- Server Software Component
- Service_Stop
- Service Stop
- Signed_Binary_Proxy_Execution
- Signed Binary Proxy Execution
- Software_Deployment_Tools
- Software Deployment Tools
- SQL_Stored_Procedures
- SQL Stored Procedures
- Steal_
or_Forge_Kerberos_Tickets - Steal or Forge Kerberos Tickets
- Subvert_Trust_Controls
- Subvert Trust Controls
- Supply_Chain_Compromise
- Supply Chain Compromise
- System_Information_Discovery
- System Information Discovery
- Taint_Shared_Content
- Taint Shared Content
- Traffic_Signaling
- Traffic Signaling
- Transfer_Data_
to_Cloud_Account - Transfer Data to Cloud Account
- Trusted_Relationship
- Trusted Relationship
- Unsecured_Credentials
- Unsecured Credentials
- User_Execution
- User Execution
- Valid_Accounts
- Valid Accounts
- Windows_Management_Instrumentation
- Windows Management Instrumentation
- File_
and_Directory_Permissions_Modification - File and Directory Permissions Modification
- Abuse_Elevation_Control_Mechanism
- Abuse Elevation Control Mechanism
- Access_Token_Manipulation
- Access Token Manipulation
- Account_Discovery
- Account Discovery
- Account_Manipulation
- Account Manipulation
- Active_Scanning
- Active Scanning
- Application_Layer_Protocol
- Application Layer Protocol
- Audio_Capture
- Audio Capture
- Boot_
or_Logon_Autostart_Execution - Boot or Logon Autostart Execution
- Boot_
or_Logon_Initialization_Scripts - Boot or Logon Initialization Scripts
- Brute_Force
- Brute Force
- Cloud_Infrastructure_Discovery
- Cloud Infrastructure Discovery
- Cloud_Service_Dashboard
- Cloud Service Dashboard
- Cloud_Service_Discovery
- Cloud Service Discovery
- Command_
and_Scripting_Interpreter - Command and Scripting Interpreter
- Compromise_Client_Software_Binary
- Compromise Client Software Binary
- Compromise_Infrastructure
- Compromise Infrastructure
- Container_
and_Resource_Discovery - Container and Resource Discovery
- Create_Account
- Create Account
- Create_
or_Modify_System_Process - Create or Modify System Process
- Credentials_
from_Password_Stores - Credentials from Password Stores
- Data_Destruction
- Data Destruction
- Data_Encrypted_
for_Impact - Data Encrypted for Impact
- Data_
from_Cloud_Storage_Object - Data from Cloud Storage Object
- Data_
from_Configuration_Repository - Data from Configuration Repository
- Data_
from_Information_Repositories - Data from Information Repositories
- Data_
from_Local_System - Data from Local System
- Data_Manipulation
- Data Manipulation
- Data_Staged
- Data Staged
- Defacement
- Defacement
- Deobfuscate_Decode_Files_
or_Information - Deobfuscate/Decode Files or Information
- Disk_Wipe
- Disk Wipe
- Domain_Trust_Discovery
- Domain Trust Discovery
- Drive_
by_Compromise - Drive-by Compromise
- Dynamic_Resolution
- Dynamic Resolution
- Endpoint_Denial_
of_Service - Endpoint Denial of Service
- Event_Triggered_Execution
- Event Triggered Execution
- Exfiltration_Over_Alternative_Protocol
- Exfiltration Over Alternative Protocol
- Exploit_Public_Facing_Application
- Exploit Public-Facing Application
- Exploitation_
for_Client_Execution - Exploitation for Client Execution
- Exploitation_
for_Credential_Access - Exploitation for Credential Access
- Exploitation_
for_Defense_Evasion - Exploitation for Defense Evasion
- Exploitation_
for_Privilege_Escalation - Exploitation for Privilege Escalation
- Exploitation_
of_Remote_Services - Exploitation of Remote Services
- External_Remote_Services
- External Remote Services
- Fallback_Channels
- Fallback Channels
- File_
and_Directory_Discovery - File and Directory Discovery
- Gather_Victim_Network_Information
- Gather Victim Network Information
- Hide_Artifacts
- Hide Artifacts
- Hijack_Execution_Flow
- Hijack Execution Flow
- Impair_Defenses
- Impair Defenses
- Implant_Container_Image
- Implant Container Image
- Indicator_Removal_
on_Host - Indicator Removal on Host
- Indirect_Command_Execution
- Indirect Command Execution
- Ingress_Tool_Transfer
- Ingress Tool Transfer
- Input_Capture
- Input Capture
- Inter_Process_Communication
- Inter-Process Communication
- Lateral_Tool_Transfer
- Lateral Tool Transfer
- Man_
in_ the_Middle - Man-in-the-Middle
- Masquerading
- Masquerading
- Modify_Authentication_Process
- Modify Authentication Process
- Modify_Registry
- Modify Registry
- Network_Denial_
of_Service - Network Denial of Service
- Network_Service_Scanning
- Network Service Scanning
- Network_Sniffing
- Network Sniffing
- Non_Application_Layer_Protocol
- Non-Application Layer Protocol
- Non_Standard_Port
- Non-Standard Port
- Obtain_Capabilities
- Obtain Capabilities
- Obfuscated_Files_
or_Information - Obfuscated Files or Information
- Office_Application_Startup
- Office Application Startup
- OS_Credential_Dumping
- OS Credential Dumping
- Permission_Groups_Discovery
- Permission Groups Discovery
- Phishing
- Phishing
- Pre_OS_Boot
- Pre-OS Boot
- Process_Discovery
- Process Discovery
- Process_Injection
- Process Injection
- Protocol_Tunneling
- Protocol Tunneling
- Proxy
- Proxy
- Query_Registry
- Query Registry
- Remote_Access_Software
- Remote Access Software
- Remote_Service_Session_Hijacking
- Remote Service Session Hijacking
- Remote_Services
- Remote Services
- Remote_System_Discovery
- Remote System Discovery
- Resource_Hijacking
- Resource Hijacking
- Scheduled_Task_Job
- Scheduled Task/Job
- Screen_Capture
- Screen Capture
- Search_Victim_Owned_Websites
- Search Victim-Owned Websites
- Server_Software_Component
- Server Software Component
- Service_Stop
- Service Stop
- Signed_Binary_Proxy_Execution
- Signed Binary Proxy Execution
- Software_Deployment_Tools
- Software Deployment Tools
- SQL_Stored_Procedures
- SQL Stored Procedures
- Steal_
or_Forge_Kerberos_Tickets - Steal or Forge Kerberos Tickets
- Subvert_Trust_Controls
- Subvert Trust Controls
- Supply_Chain_Compromise
- Supply Chain Compromise
- System_Information_Discovery
- System Information Discovery
- Taint_Shared_Content
- Taint Shared Content
- Traffic_Signaling
- Traffic Signaling
- Transfer_Data_
to_Cloud_Account - Transfer Data to Cloud Account
- Trusted_Relationship
- Trusted Relationship
- Unsecured_Credentials
- Unsecured Credentials
- User_Execution
- User Execution
- Valid_Accounts
- Valid Accounts
- Windows_Management_Instrumentation
- Windows Management Instrumentation
- File_
and_Directory_Permissions_Modification - File and Directory Permissions Modification
- ABUSE_ELEVATION_CONTROL_MECHANISM
- Abuse Elevation Control Mechanism
- ACCESS_TOKEN_MANIPULATION
- Access Token Manipulation
- ACCOUNT_DISCOVERY
- Account Discovery
- ACCOUNT_MANIPULATION
- Account Manipulation
- ACTIVE_SCANNING
- Active Scanning
- APPLICATION_LAYER_PROTOCOL
- Application Layer Protocol
- AUDIO_CAPTURE
- Audio Capture
- BOOT_OR_LOGON_AUTOSTART_EXECUTION
- Boot or Logon Autostart Execution
- BOOT_OR_LOGON_INITIALIZATION_SCRIPTS
- Boot or Logon Initialization Scripts
- BRUTE_FORCE
- Brute Force
- CLOUD_INFRASTRUCTURE_DISCOVERY
- Cloud Infrastructure Discovery
- CLOUD_SERVICE_DASHBOARD
- Cloud Service Dashboard
- CLOUD_SERVICE_DISCOVERY
- Cloud Service Discovery
- COMMAND_AND_SCRIPTING_INTERPRETER
- Command and Scripting Interpreter
- COMPROMISE_CLIENT_SOFTWARE_BINARY
- Compromise Client Software Binary
- COMPROMISE_INFRASTRUCTURE
- Compromise Infrastructure
- CONTAINER_AND_RESOURCE_DISCOVERY
- Container and Resource Discovery
- CREATE_ACCOUNT
- Create Account
- CREATE_OR_MODIFY_SYSTEM_PROCESS
- Create or Modify System Process
- CREDENTIALS_FROM_PASSWORD_STORES
- Credentials from Password Stores
- DATA_DESTRUCTION
- Data Destruction
- DATA_ENCRYPTED_FOR_IMPACT
- Data Encrypted for Impact
- DATA_FROM_CLOUD_STORAGE_OBJECT
- Data from Cloud Storage Object
- DATA_FROM_CONFIGURATION_REPOSITORY
- Data from Configuration Repository
- DATA_FROM_INFORMATION_REPOSITORIES
- Data from Information Repositories
- DATA_FROM_LOCAL_SYSTEM
- Data from Local System
- DATA_MANIPULATION
- Data Manipulation
- DATA_STAGED
- Data Staged
- DEFACEMENT
- Defacement
- DEOBFUSCATE_DECODE_FILES_OR_INFORMATION
- Deobfuscate/Decode Files or Information
- DISK_WIPE
- Disk Wipe
- DOMAIN_TRUST_DISCOVERY
- Domain Trust Discovery
- DRIVE_BY_COMPROMISE
- Drive-by Compromise
- DYNAMIC_RESOLUTION
- Dynamic Resolution
- ENDPOINT_DENIAL_OF_SERVICE
- Endpoint Denial of Service
- EVENT_TRIGGERED_EXECUTION
- Event Triggered Execution
- EXFILTRATION_OVER_ALTERNATIVE_PROTOCOL
- Exfiltration Over Alternative Protocol
- EXPLOIT_PUBLIC_FACING_APPLICATION
- Exploit Public-Facing Application
- EXPLOITATION_FOR_CLIENT_EXECUTION
- Exploitation for Client Execution
- EXPLOITATION_FOR_CREDENTIAL_ACCESS
- Exploitation for Credential Access
- EXPLOITATION_FOR_DEFENSE_EVASION
- Exploitation for Defense Evasion
- EXPLOITATION_FOR_PRIVILEGE_ESCALATION
- Exploitation for Privilege Escalation
- EXPLOITATION_OF_REMOTE_SERVICES
- Exploitation of Remote Services
- EXTERNAL_REMOTE_SERVICES
- External Remote Services
- FALLBACK_CHANNELS
- Fallback Channels
- FILE_AND_DIRECTORY_DISCOVERY
- File and Directory Discovery
- GATHER_VICTIM_NETWORK_INFORMATION
- Gather Victim Network Information
- HIDE_ARTIFACTS
- Hide Artifacts
- HIJACK_EXECUTION_FLOW
- Hijack Execution Flow
- IMPAIR_DEFENSES
- Impair Defenses
- IMPLANT_CONTAINER_IMAGE
- Implant Container Image
- INDICATOR_REMOVAL_ON_HOST
- Indicator Removal on Host
- INDIRECT_COMMAND_EXECUTION
- Indirect Command Execution
- INGRESS_TOOL_TRANSFER
- Ingress Tool Transfer
- INPUT_CAPTURE
- Input Capture
- INTER_PROCESS_COMMUNICATION
- Inter-Process Communication
- LATERAL_TOOL_TRANSFER
- Lateral Tool Transfer
- MAN_IN_THE_MIDDLE
- Man-in-the-Middle
- MASQUERADING
- Masquerading
- MODIFY_AUTHENTICATION_PROCESS
- Modify Authentication Process
- MODIFY_REGISTRY
- Modify Registry
- NETWORK_DENIAL_OF_SERVICE
- Network Denial of Service
- NETWORK_SERVICE_SCANNING
- Network Service Scanning
- NETWORK_SNIFFING
- Network Sniffing
- NON_APPLICATION_LAYER_PROTOCOL
- Non-Application Layer Protocol
- NON_STANDARD_PORT
- Non-Standard Port
- OBTAIN_CAPABILITIES
- Obtain Capabilities
- OBFUSCATED_FILES_OR_INFORMATION
- Obfuscated Files or Information
- OFFICE_APPLICATION_STARTUP
- Office Application Startup
- O_S_CREDENTIAL_DUMPING
- OS Credential Dumping
- PERMISSION_GROUPS_DISCOVERY
- Permission Groups Discovery
- PHISHING
- Phishing
- PRE_O_S_BOOT
- Pre-OS Boot
- PROCESS_DISCOVERY
- Process Discovery
- PROCESS_INJECTION
- Process Injection
- PROTOCOL_TUNNELING
- Protocol Tunneling
- PROXY
- Proxy
- QUERY_REGISTRY
- Query Registry
- REMOTE_ACCESS_SOFTWARE
- Remote Access Software
- REMOTE_SERVICE_SESSION_HIJACKING
- Remote Service Session Hijacking
- REMOTE_SERVICES
- Remote Services
- REMOTE_SYSTEM_DISCOVERY
- Remote System Discovery
- RESOURCE_HIJACKING
- Resource Hijacking
- SCHEDULED_TASK_JOB
- Scheduled Task/Job
- SCREEN_CAPTURE
- Screen Capture
- SEARCH_VICTIM_OWNED_WEBSITES
- Search Victim-Owned Websites
- SERVER_SOFTWARE_COMPONENT
- Server Software Component
- SERVICE_STOP
- Service Stop
- SIGNED_BINARY_PROXY_EXECUTION
- Signed Binary Proxy Execution
- SOFTWARE_DEPLOYMENT_TOOLS
- Software Deployment Tools
- SQ_L_STORED_PROCEDURES
- SQL Stored Procedures
- STEAL_OR_FORGE_KERBEROS_TICKETS
- Steal or Forge Kerberos Tickets
- SUBVERT_TRUST_CONTROLS
- Subvert Trust Controls
- SUPPLY_CHAIN_COMPROMISE
- Supply Chain Compromise
- SYSTEM_INFORMATION_DISCOVERY
- System Information Discovery
- TAINT_SHARED_CONTENT
- Taint Shared Content
- TRAFFIC_SIGNALING
- Traffic Signaling
- TRANSFER_DATA_TO_CLOUD_ACCOUNT
- Transfer Data to Cloud Account
- TRUSTED_RELATIONSHIP
- Trusted Relationship
- UNSECURED_CREDENTIALS
- Unsecured Credentials
- USER_EXECUTION
- User Execution
- VALID_ACCOUNTS
- Valid Accounts
- WINDOWS_MANAGEMENT_INSTRUMENTATION
- Windows Management Instrumentation
- FILE_AND_DIRECTORY_PERMISSIONS_MODIFICATION
- File and Directory Permissions Modification
- "Abuse Elevation Control Mechanism"
- Abuse Elevation Control Mechanism
- "Access Token Manipulation"
- Access Token Manipulation
- "Account Discovery"
- Account Discovery
- "Account Manipulation"
- Account Manipulation
- "Active Scanning"
- Active Scanning
- "Application Layer Protocol"
- Application Layer Protocol
- "Audio Capture"
- Audio Capture
- "Boot or Logon Autostart Execution"
- Boot or Logon Autostart Execution
- "Boot or Logon Initialization Scripts"
- Boot or Logon Initialization Scripts
- "Brute Force"
- Brute Force
- "Cloud Infrastructure Discovery"
- Cloud Infrastructure Discovery
- "Cloud Service Dashboard"
- Cloud Service Dashboard
- "Cloud Service Discovery"
- Cloud Service Discovery
- "Command and Scripting Interpreter"
- Command and Scripting Interpreter
- "Compromise Client Software Binary"
- Compromise Client Software Binary
- "Compromise Infrastructure"
- Compromise Infrastructure
- "Container and Resource Discovery"
- Container and Resource Discovery
- "Create Account"
- Create Account
- "Create or Modify System Process"
- Create or Modify System Process
- "Credentials from Password Stores"
- Credentials from Password Stores
- "Data Destruction"
- Data Destruction
- "Data Encrypted for Impact"
- Data Encrypted for Impact
- "Data from Cloud Storage Object"
- Data from Cloud Storage Object
- "Data from Configuration Repository"
- Data from Configuration Repository
- "Data from Information Repositories"
- Data from Information Repositories
- "Data from Local System"
- Data from Local System
- "Data Manipulation"
- Data Manipulation
- "Data Staged"
- Data Staged
- "Defacement"
- Defacement
- "Deobfuscate/Decode Files or Information"
- Deobfuscate/Decode Files or Information
- "Disk Wipe"
- Disk Wipe
- "Domain Trust Discovery"
- Domain Trust Discovery
- "Drive-by Compromise"
- Drive-by Compromise
- "Dynamic Resolution"
- Dynamic Resolution
- "Endpoint Denial of Service"
- Endpoint Denial of Service
- "Event Triggered Execution"
- Event Triggered Execution
- "Exfiltration Over Alternative Protocol"
- Exfiltration Over Alternative Protocol
- "Exploit Public-Facing Application"
- Exploit Public-Facing Application
- "Exploitation for Client Execution"
- Exploitation for Client Execution
- "Exploitation for Credential Access"
- Exploitation for Credential Access
- "Exploitation for Defense Evasion"
- Exploitation for Defense Evasion
- "Exploitation for Privilege Escalation"
- Exploitation for Privilege Escalation
- "Exploitation of Remote Services"
- Exploitation of Remote Services
- "External Remote Services"
- External Remote Services
- "Fallback Channels"
- Fallback Channels
- "File and Directory Discovery"
- File and Directory Discovery
- "Gather Victim Network Information"
- Gather Victim Network Information
- "Hide Artifacts"
- Hide Artifacts
- "Hijack Execution Flow"
- Hijack Execution Flow
- "Impair Defenses"
- Impair Defenses
- "Implant Container Image"
- Implant Container Image
- "Indicator Removal on Host"
- Indicator Removal on Host
- "Indirect Command Execution"
- Indirect Command Execution
- "Ingress Tool Transfer"
- Ingress Tool Transfer
- "Input Capture"
- Input Capture
- "Inter-Process Communication"
- Inter-Process Communication
- "Lateral Tool Transfer"
- Lateral Tool Transfer
- "Man-in-the-Middle"
- Man-in-the-Middle
- "Masquerading"
- Masquerading
- "Modify Authentication Process"
- Modify Authentication Process
- "Modify Registry"
- Modify Registry
- "Network Denial of Service"
- Network Denial of Service
- "Network Service Scanning"
- Network Service Scanning
- "Network Sniffing"
- Network Sniffing
- "Non-Application Layer Protocol"
- Non-Application Layer Protocol
- "Non-Standard Port"
- Non-Standard Port
- "Obtain Capabilities"
- Obtain Capabilities
- "Obfuscated Files or Information"
- Obfuscated Files or Information
- "Office Application Startup"
- Office Application Startup
- "OS Credential Dumping"
- OS Credential Dumping
- "Permission Groups Discovery"
- Permission Groups Discovery
- "Phishing"
- Phishing
- "Pre-OS Boot"
- Pre-OS Boot
- "Process Discovery"
- Process Discovery
- "Process Injection"
- Process Injection
- "Protocol Tunneling"
- Protocol Tunneling
- "Proxy"
- Proxy
- "Query Registry"
- Query Registry
- "Remote Access Software"
- Remote Access Software
- "Remote Service Session Hijacking"
- Remote Service Session Hijacking
- "Remote Services"
- Remote Services
- "Remote System Discovery"
- Remote System Discovery
- "Resource Hijacking"
- Resource Hijacking
- "Scheduled Task/Job"
- Scheduled Task/Job
- "Screen Capture"
- Screen Capture
- "Search Victim-Owned Websites"
- Search Victim-Owned Websites
- "Server Software Component"
- Server Software Component
- "Service Stop"
- Service Stop
- "Signed Binary Proxy Execution"
- Signed Binary Proxy Execution
- "Software Deployment Tools"
- Software Deployment Tools
- "SQL Stored Procedures"
- SQL Stored Procedures
- "Steal or Forge Kerberos Tickets"
- Steal or Forge Kerberos Tickets
- "Subvert Trust Controls"
- Subvert Trust Controls
- "Supply Chain Compromise"
- Supply Chain Compromise
- "System Information Discovery"
- System Information Discovery
- "Taint Shared Content"
- Taint Shared Content
- "Traffic Signaling"
- Traffic Signaling
- "Transfer Data to Cloud Account"
- Transfer Data to Cloud Account
- "Trusted Relationship"
- Trusted Relationship
- "Unsecured Credentials"
- Unsecured Credentials
- "User Execution"
- User Execution
- "Valid Accounts"
- Valid Accounts
- "Windows Management Instrumentation"
- Windows Management Instrumentation
- "File and Directory Permissions Modification"
- File and Directory Permissions Modification
Threats, ThreatsArgs
- AccountBreach
- accountBreach
- DataExfiltration
- dataExfiltration
- DataSpillage
- dataSpillage
- MaliciousInsider
- maliciousInsider
- ElevationOfPrivilege
- elevationOfPrivilege
- ThreatResistance
- threatResistance
- MissingCoverage
- missingCoverage
- DenialOfService
- denialOfService
- ThreatsAccountBreach
- accountBreach
- ThreatsDataExfiltration
- dataExfiltration
- ThreatsDataSpillage
- dataSpillage
- ThreatsMaliciousInsider
- maliciousInsider
- ThreatsElevationOfPrivilege
- elevationOfPrivilege
- ThreatsThreatResistance
- threatResistance
- ThreatsMissingCoverage
- missingCoverage
- ThreatsDenialOfService
- denialOfService
- AccountBreach
- accountBreach
- DataExfiltration
- dataExfiltration
- DataSpillage
- dataSpillage
- MaliciousInsider
- maliciousInsider
- ElevationOfPrivilege
- elevationOfPrivilege
- ThreatResistance
- threatResistance
- MissingCoverage
- missingCoverage
- DenialOfService
- denialOfService
- AccountBreach
- accountBreach
- DataExfiltration
- dataExfiltration
- DataSpillage
- dataSpillage
- MaliciousInsider
- maliciousInsider
- ElevationOfPrivilege
- elevationOfPrivilege
- ThreatResistance
- threatResistance
- MissingCoverage
- missingCoverage
- DenialOfService
- denialOfService
- ACCOUNT_BREACH
- accountBreach
- DATA_EXFILTRATION
- dataExfiltration
- DATA_SPILLAGE
- dataSpillage
- MALICIOUS_INSIDER
- maliciousInsider
- ELEVATION_OF_PRIVILEGE
- elevationOfPrivilege
- THREAT_RESISTANCE
- threatResistance
- MISSING_COVERAGE
- missingCoverage
- DENIAL_OF_SERVICE
- denialOfService
- "accountBreach"
- accountBreach
- "dataExfiltration"
- dataExfiltration
- "dataSpillage"
- dataSpillage
- "maliciousInsider"
- maliciousInsider
- "elevationOfPrivilege"
- elevationOfPrivilege
- "threatResistance"
- threatResistance
- "missingCoverage"
- missingCoverage
- "denialOfService"
- denialOfService
UserImpact, UserImpactArgs
- Low
- Low
- Moderate
- Moderate
- High
- High
- UserImpactLow
- Low
- UserImpactModerate
- Moderate
- UserImpactHigh
- High
- Low
- Low
- Moderate
- Moderate
- High
- High
- Low
- Low
- Moderate
- Moderate
- High
- High
- LOW
- Low
- MODERATE
- Moderate
- HIGH
- High
- "Low"
- Low
- "Moderate"
- Moderate
- "High"
- High
Import
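An existing resource can be imported using its type token, name, and identifier (replace the `{subscriptionId}` and `{assessmentMetadataName}` placeholders with the values of the resource being imported), e.g.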
$ pulumi import azure-native:security:AssessmentMetadataInSubscription ca039e75-a276-4175-aebc-bcd41e4b14b7 /subscriptions/{subscriptionId}/providers/Microsoft.Security/assessmentMetadata/{assessmentMetadataName}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0